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CLAIMS 



1 . A subscriber identification module for providing local authentication of a 
. 2 subscriber in a communication system, comprising: 

a memory; and 

4 a processor configured to implement a set of instructions stored in the 

memory, the set of instructions for: 
A generating a plurality of keys in response to a received challenge; 

generating an authentication signal based on a received signal and 
jfj a first key from the plurality of keys, wherein the received signal is 

J; transmitted from a communications unit communicatively coupled to the 

10 subscriber identification module, and the received signal is generated by 

the communications unit using a second key from the plurality of keys, the 
second key having been communicated from the subscriber identification 
module to the communications unit; and 
1|§ transmitting the authentication signal to the communications system 

f;:= via the communications unit. 

2. The processor of 1 , wherein the authentication signal is generated by a 
2 hash function. 

3. The processor of 2, wherein the hash function is the Secure Hash 
2 Algorithm (SHA-1). 

4. The processor of 1 , wherein the authentication signal is generated by an 
2 encryption algorithm. 

5. The processor of 4, wherein the encryption algorithm is the Data 
2 Encryption Standard (DES). 



[PA010055] 17 



6. A subscriber identification module, comprising: 
a key generation element; and 

a signature generator configured to receive a secret key from the key 
generation element and information from a mobile unit, and further configured to 
output a signature to the mobile unit. 

7. The key generation element of Claim 6, comprising: 
a memory; and 

a processor configured to execute a set of instructions stored in the 
memory, wherein the set of instructions performs a cryptographic transformation 
upon an input value to produce a plurality of temporary keys. 

8. The processor of Claim 7, wherein the cryptographic transformation is 
performed using a permanent key. 

9. The signature generator of Claim 6, comprising: 
a memory; and 

a processor configured to execute a set of instructions stored in the 
memory, wherein the set of instructions performs a cryptographic transformation 
upon the information from the mobile unit by using the secret key, wherein the 
signature results from the cryptographic transformation. 

10. An apparatus for providing secure local authentication of a subscriber in a 
communication system, comprising a subscriber identification module configured 
to interact with a communications unit, wherein the subscriber identification 
module comprises: 

a key generator for generating a plurality of keys from a received 
value and a secret value, wherein at least one communication key from 
the plurality of keys is delivered to the communications unit and at least 



[PA010055] 18 



one secret key from the plurality of keys is not delivered to the 
communications unit; and 

a signature generator for generating an authorization signal from 
both the at least one secret key and from an authorization message, 
wherein the authorization message is generated by the communications 
unit using the at least one communication key. 

11. The subscriber identification module of Claim 10, wherein the subscriber 
identification module is configured to be inserted into the communications unit. 

12. The subscriber identification module of Claim 10, wherein the signature 
generator generates the authorization signal by using a hash function. 

13. The subscriber identification module of Claim 10, wherein the signature 
generator generates the authorization signal by using the Data Encryption 
Standard (DES). 

14. The subscriber identification module of Claim 10, wherein the at least one 
communication key comprises an integrity key. 

15. The subscriber identification module of 12, wherein the hash function is 
SHA-1 . 

16. A method for providing authentication of a subscriber using a subscriber 
identification device, comprising: 

generating a plurality of keys; 

transmitting at least one key from the plurality of keys to a 
communications device communicatively coupled to the subscriber identification 
device and holding private at least one key from the plurality of keys; 
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generating a signature at the communications device using both the at 
least one key transmitted to the communications device and a transmission 
message; 

transmitting the signature to the subscriber identification device; 
receiving the signature at the subscriber identification device; 
generating a primary signature from the received signature; and 
conveying the primary signature to a communications system. 

1 7. The method of Claim 1 6, wherein the generating of the signature signal is 
performed using a nonreversible operation. 

18. The method of Claim 16, wherein the generating of the signature signal is 
performed using DES. 

19. The method of Claim 16, wherein the generating of the signature signal is 
performed using a hash function. 

20. The method of Claim 1 9, wherein the hash function is SHA-1 . 

21. A method for providing authentication of a subscriber using a subscriber 
identification device, comprising: 

generating a plurality of keys; 

transmitting at least one key from the plurality of keys to a 
communications device communicatively coupled to the subscriber identification 
device and holding private at least one key from the plurality of keys; 

assigning a weight to the transmission message at the communications 
device in accordance with a relative importance of the transmission message; 

generating a signature at the communications device using both the at 
least one key transmitted to the communications device and the transmission 
message; 
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transmitting the signature to a communications system if the assigned 
weight to the transmission message indicates that the transmission message is 
unimportant; and 

transmitting the signature to the subscriber identification device if the 
assigned weight to the transmission message indicates that the transmission 
message is important, whereupon the subscriber identification device generates 
a primary signature from the received signature signal, and then conveys the 
primary signature to a communications system. 



